CVE-2023-50453

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-50453
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50453.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-50453
Published
2023-12-10T19:15:07.480Z
Modified
2026-04-10T05:06:27.723840Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.

References

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type
GIT
Repo
https://github.com/zammad/zammad
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ec4ddb8ae6a55d1c8e64ab5ddda9ff3e9d4f45c8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
886f395c4f7246d374bed75dbae87b230ae2bab8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9c250aa912971ae5832f3b8d5693774bf1e78a6f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-alpha"
        }
    ]
}

Affected versions

1.*
1.6.0
3.*
3.7.0
5.*
5.2.0-alpha
5.3.0-alpha
5.4.0-alpha
5.5.0-alpha
6.*
6.0.0-alpha
6.1.0
6.1.0-alpha
6.2.0-alpha

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50453.json"